Hi,
I've pasted my debug output into the web tool and it picks out the following in red
security { max_attributes = 200 reject_delay = 1 (This line in red) status_server = yes }
(all in red) Module: Instantiating attr_filter.access_reject attr_filter attr_filter.access_reject { attrsfile = "/etc/raddb/attrs.access_reject"
ignore those - the word 'reject' is being flagged without context.
[pap] WARNING! No "known good" password found for the user. Authentication may fail because of this. (In yellow)
okay.
I also see (not highlighted) that I'm still getting
[mschap] No Cleartext-Password configured. Cannot create LM-Password. [mschap] No Cleartext-Password configured. Cannot create NT-Password. [mschap] Told to do MS-CHAPv2 for holmes@mydomain.ox.ac.uk with NT-Password [mschap] FAILED: No NT/LM-Password. Cannot perform authentication. [mschap] FAILED: MS-CHAP2-Response is incorrect
and that will mean that MSCHAPv2 wont be working
I have configured modules/mschap to use ntlm_auth as follows
ntlm_auth = "/usr/bin/ntlm_auth --request-nt-key --username=%{mschap:User-Name:-None} --domain=%{%{mschap:NT-Domain}:-MYDOMAIN} --challenge=%{mschap:Challenge:-00} --nt-response=%{mschap:NT-Response:-00}"
Am I missing something in the MSCHAP config?
how are you testing this - a real client, command line tool etc? when you run it in full debug mode - and you arent helping yourself by failing to post that here - you should see the incantation of the ntlm_auth line - if not, then its not being called...and it would be with the default configuration files. alan